# Plan 9 rc notes: obtain an RSA key and X.509 certificate for a TLS service,
# keep the private key in factotum (never on permanent storage), and run
# httpd / a TLS tunnel with the resulting cert.  The sections are alternatives
# and examples, not one sequential script.

# generate rsa key pair and auto-signed x.509 certificate
# work in a private ramfs so the plaintext key never touches disk
ramfs -p
cd /tmp
# owner=* makes the key usable by any factotum client; narrow it to the
# serving user if the service does not need to be shared
auth/rsagen -b 2048 -t 'service=tls owner=*' >key
# only the public certificate goes to the world-readable /sys/lib/tls
auth/rsa2x509 'C=FR ST=Paris L=Paris O=9grid.eu CN=sombrero.9grid.eu' key | auth/pemencode CERTIFICATE >/sys/lib/tls/cert.pem
# load the key into the running factotum (not persisted; see "store key" below)
cat key >/mnt/factotum/ctl

# alternative: generate a certification request from openssl and sign it with a ca
# -nodes leaves key.pem unencrypted: keep it inside the ramfs and remove it
# once the key has been imported into factotum
openssl req -newkey rsa:2048 -keyout key.pem -out csr.pem -subj "/C=FR/ST=Paris/L=Paris/O=9grid.eu/CN=sombrero.9grid.eu" -nodes
# csr.pem -> ca -> crt.pem
# -traditional writes PKCS#1 DER, the form asn12rsa consumes
openssl rsa -in key.pem -inform PEM -out key.der -outform DER -traditional
auth/asn12rsa -t 'proto=rsa service=tls owner=*' key.der >key
cp crt.pem /sys/lib/tls/cert.pem

# store key in factotum
# NOTE(review): a second `ramfs -p` mounts a fresh ramfs over /tmp; if this is
# run in the same session as the generation step, the `key` written above is
# hidden — confirm, or skip these two lines in that case
ramfs -p
cd /tmp
# fetch the existing secstore factotum file, append the new key, put it back
auth/secstore -g factotum
cat key >>factotum
auth/secstore -p factotum
# presumably `read -m` delivers the whole file to ctl in one write — verify against read(1)
cat factotum | read -m >/mnt/factotum/ctl

# example: a tls tunnel to venti httpd
# listens on every interface (tcp!*!8443) and forwards plaintext to the
# loopback-only backend on 8000; diagnostics go to /sys/log/httpd/venti
echo '#!/bin/rc
exec tlssrvtunnel tcp!127.0.0.1!8000 tcp!*!8443 >[2]/sys/log/httpd/venti' >/rc/bin/service/tcp8443
chmod +x /rc/bin/service/tcp8443

# example: launch httpd using https
ip/httpd/httpd -c /sys/lib/tls/cert.pem

# example: launch httpd using https (with certificate chain)
# the intermediate CA certificate is fetched over plain http with no integrity
# check: compare its fingerprint with the value published by the CA
# (<CA-PUBLISHED-FINGERPRINT>) before serving it in the chain
hget http://www.gandi.net/static/CAs/GandiStandardSSLCA2.pem > /sys/lib/tls/GandiStandardSSLCA2.pem
ip/httpd/httpd -c /sys/lib/tls/cert.pem -C /sys/lib/tls/GandiStandardSSLCA2.pem